Apr 26, 2023 8:03 AM PT

Jamf expands Apple device management and security suite

Jamf introduced new tools for enterprise tech managing Apple fleets, with improvements in security, deployment, provisioning, authentication and more.

Jamf is expanding its reach with new security solutions for Android and Windows devices along with new tools to help better manage enterprise Apple-centric fleets.

The company recently also announced Executive Threat Protection, a sophisticated security protection solution to help protect execs, media, government and other high-value targets against spyware.

Minding the gap?

The company made a range of announcements at its spring event. Jamf CEO Dean Hager said: “We at Jamf bridge the gap between the great innovations at Apple and what businesses and schools require — and we have always been Apple-first.”

With that in mind, the company's tools rely on Apple’s latest innovations for enterprise tech, including MDM APIs, Declarative Device Management and Managed Device Attestation.

But it appears the company is widening its lens. “After establishing the foundation and support for new Apple workflows, Jamf is broadening the reach of several of our security products for institutions that may not be Apple exclusive,” Hager said. “Whatever your device ecosystem and size of deployment, Jamf is here to help you maximize your technology investment and power your end users.”

Better tools for account management, authentication, deployment

Jamf continues to improve its Jamf Connect suite for account management and authentication. To achieve this, it has extended Jamf Connect to include zero-trust access capabilities, including a useful feature that auto-activates after setup.

The idea is that remotely provisioned devices will automatically be activated on first run, wherever they are, eliminating the need to use sometimes problematic VPNs. The company said this enables narrow access to only the specific apps and resources a user needs for their role — no matter whether the app is on-premises or in the cloud — dramatically improving data security.

When it comes to new device deployment, the MDM provider now offers out-of-the-box macOS account provisioning with Jamf Trust, which will automatically activate a secure network connection when a user first sets up the Mac. The idea is that a remote Mac can be provisioned with software, settings, cloud identity, and network access as soon as a user sets it up the first time using their credentials.

Device management is also improved with a new automated system to create and manage unique local administrator passwords for each managed Mac at the time of enrollment. With this tool, the password of a managed administrator account can be randomized, which helps maintain operational security. In another change, managed apps will now let users know when updates are available.

Finally, Jamf unveiled plans for Remote Assist, a new feature coming this summer that will allow admins to initiate a secure remote desktop session directly from within the MDM console to provide support.

Securing the secure platforms

The company touted its continued efforts to provide the best solution for identity security for Macs. To do so, Jamf is working with Okta to deliver Okta’s verification and FastPass services for secure provisioning of Mac user accounts. These are big steps toward simplifying account-driven user enrollment onboarding while enhancing login security on BYOD hardware. In essence, it means your employees will be able to use fast and secure biometric (Face/Touch ID) logins for all company apps, even on personally owned devices.

Jamf has been working with SwiftConnect to offer digital employee badges in digital wallets since last year. The fruits of that effort are now available in the form of something the company calls “Employee Badge with Jamf Trust.” The big news is that with an eye on the multiplicity of mobile platforms used in most offices, the company plans to introduce the system to Android devices soon.

Jamf Protect gains Microsoft, Google, and Amazon authentication

The Jamf Protect system already has built-in telemetry security monitoring; the company extended those features with the introduction of conditional access controls with Microsoft, Google, and Amazon.

This integration means organizations can extend access controls across the entire Azure Active Directory workflow, use Google BeyondCorp (Mac, iPad, iPhone), and offer an integration with AWS Verified Access. In all three cases, integration with these widely used access control systems helps businesses ensure devices accessing their systems are verified and secure.

Jamf Protect also integrates with Microsoft Sentinel, which means enterprises can monitor and protect their Mac fleet using Microsoft’s protection, which offers a unified view of security events across all endpoints. This is useful because, in layman’s terms, the capacity to monitor every device in a company fleet may deliver an early warning of coordinated security events.

The company noted that its access policies dynamically react the minute Jamf Protect detects a risk. The system will respond to threats in real-time, stopping access to sensitive resources when a risk is detected by shutting down the user’s secure connection.

Jamf also introduced a new enhancement that allows organizations to detect whether a user disables their secure connection and then immediately suspend their access.

And a little Windows support

With a view to education IT, the company improved its web content-filtering solution, Jamf Safe Internet, introduced last year. For me, the most interesting news is that schools will be able to deploy the solution to Windows PCs starting this summer. It is already available to Chromebook and Apple platforms.

The solution is currently used across over 400 US schools.
